Announcing GaitAuth™

Are Humans The “Weak Link?”

Security professionals often lament the “human element.” It is only due to human fallibility that our systems are not secure. We are not good at coming up with or keeping track of passwords. We don’t follow security guidelines. We are easily fooled by phishing or social engineering. We often act in ways that leave systems vulnerable.

It is time to flip this attitude around. Yes, humans are not machines. We are wonderfully flawed. And each of us is profoundly unique; a combination of nature and nurture, a product of our experience and circumstance, all woven together with the human spirit to form the tapestry of who we are. All of these little imperfections are not “bugs” to be fixed, but form the core of our humanity.

GaitAuth: One Small Step for Man, One Giant Leap for Authentication

Today, we are releasing a new API called GaitAuth™. It can authenticate a person based on the motion associated with their gait – the way they walk – completely passively and at a high level of accuracy. It is able to return an authentication result after only a few steps of carrying your phone. This allows you to authenticate a user using one of the most natural human actions: walking.

You may wonder how unique someone’s gait truly is. Your gait is a product of your unique physiology and years of muscle memory. And unlike static biometrics like fingerprint or facial recognition, it is dynamic and constantly changing, and it is hard for others to spoof and steal. We’ve tested our models using anonymized data from millions of mobile phones and found the accuracy of gait-based authentication can rival other biometrics like fingerprint, iris, or face. Gait also has the benefit that it continues to work even if the user is wearing a face mask or gloves.

GaitAuth is the culmination of almost four years of research and development from the UnifyID team to bring a solution that is highly accurate, efficient, robust, and secure. I’m proud of what they have been able to accomplish and the results are truly amazing.

GaitAuth Use Cases

Because GaitAuth can run passively in the background, it is useful in a wide variety of situations:

  • GaitAuth is an ideal solution where passive or continuous authentication is desired. With GaitAuth, you can detect if a device changes possession within a handful of steps and deauthenticate the user. The user also does not need to be walking to authenticate. Because GaitAuth runs passively in the background, you can also use historical information about the last time they were walking and whether the phone has left their possession since that time.
  • GaitAuth helps provide seamless access control for doors and smart locks. By using GaitAuth, a user can walk up to a door with their phone and have the door unlock automatically. If someone steals their phone, their gait signature will not match and they cannot unlock the door. In fact, GaitAuth is the only multifactor authentication technique that requires no user interaction or training – it combines something you have (your phone) with something you are (your unique gait) without requiring the user to do anything extra.
  • GaitAuth is also useful for vehicles and travel. With GaitAuth integrated into your car’s mobile app, you won’t need to carry keys to your car anymore. You can walk up to your car with your phone and the door will unlock, and even if someone grabs your phone, they won’t be able to get into your car. It is also useful for seamless authentication for the entire travel journey, from the moment you leave your door, to airport security, to boarding, to rental cars, to hotels, to dining and activities, all of which have friction due to authentication. Using GaitAuth allows many of these interactions to become much more seamless.
  • GaitAuth is a great fit for situations where workers have access to sensitive data, but are on the move and need to authenticate often, such as medical workers, airport personnel, or flight attendants. This is especially true if workers may be wearing masks or gloves, as face or fingerprint recognition may be impractical.
  • GaitAuth is also useful for cross-device authentication like automatically unlocking your computer when you approach your desk or touchless access to ATMs, kiosks, or point terminals. You can leverage the passive GaitAuth biometric signal from the phone to authenticate to other devices, without having to take out your phone.

GaitAuth is now available for both iOS and Android as a modular SDK you can link into any mobile application. It is lightweight (<2 MB), low-power, and uses only minimal network as the motion data is processed directly on the phone.

GaitAuth is the first of our public APIs we are releasing with the goal of continuous, implicit authentication, with more to come. Rather than view humans as the weak link in security, we want to use what makes us unique as humans to strengthen security. Our GaitAuth API is our first “step” towards our goal of making our experiences with security and authentication more seamless, more usable, and ultimately, more human.

A load balancer that learns, WebTorch

In my previous blog post “How I stopped worrying and embraced docker microservices” I talked about why Microservices are the bees knees for scaling Machine Learning in production. A fair amount of time has passed (almost a year ago, whoa) and it proved that building Deep Learning pipelines in production is a more complex, multi-aspect problem. Yes, microservices are an amazing tool, both for software reuse, distributed systems design, quick failure and recovery, yada yada. But what seems very obvious now, is that Machine Learning services are very stateful, and statefulness is a problem for horizontal scaling.

Context switching latency

An easy way to deal with this issue is understand that ML models are large, and thus should not be context switched. If a model is started on instance A, you should try to keep it on instance A as long as possible. Nginx Plus comes with support for sticky sessions, which means that requests can always be load balanced on the same upstream a super useful feature. That was 30% of the message of my Nginxconf 2017 talk.

The other 70% of my message was urging people to move AWAY from microservices for Machine Learning. In an extreme example, we announced WebTorch, a full-on Deep Learning stack on top of an HTTP server, running as a single program. For your reference, a Deep Learning stack looks like this.

Pipeline required for Deep Learning in production.
What is this data, why is it so dirty, alright now it’s clean but my Neural net still doesn’t get it, finally it gets it!

Now consider the two extremes in implementing this pipeline;

  1. Every stage is a microservice.
  2. The whole thing is one service.

Both seem equally terrible for different reasons and here I will explain why designing an ML pipeline is a zero-sum problem.

Communication latency

If every stage of the pipeline is a microservice this introduces a huge communication overhead between microservices. This is because very large dataframes which need to be passed between services also need to be

  1. Serialized
  2. Compressed (+ Encrypted)
  3. Queued
  4. Transfered
  5. Dequeued
  6. Decompressed (+ Decrypted)
  7. Deserialized

What a pain, what a terrible thing to spend cycles on. All of these actions need to be repeated every time the microservice limit is crossed. The horror, the terrible end-to-end performance horror!

In the opposite case, you’re writing a monolith which is hard to maintain, probably you’re either using uncomfortable semantics either for writing the HTTP server or the ML part, can’t monitor the in between stages etc. Like I said, writing a ML pipeline for production is a zero-sum problem.

An extreme example; All-in-one deep learning

Venn diagram of torch, nginx
Torch and Nginx have one thing in common, the amazing LuaJIT

That’s right, you’ll need to look at your use case and decide where you draw the line. Where does the HTTP server stop and where does the ML back-end start. If only there was a tool that made this decision easy and allowed you to even go to the extreme case of writing a monolith, without sacrificing either HTTP performance (and pretty HTTP server semantics) or ML performance and relevance in the rapid growing Deep Learning market. Now such a tool is here (in alpha) and it’s called WebTorch.

WebTorch is the freak child of the fastest, most stable HTTP server, nginx and the fastest, most relevant Deep Learning framework Torch.

Now of course that doesn’t mean WebTorch is either the best performance HTTP server and/or the best performing Deep Learning framework, but it’s at least worth a look right? So I run some benchmarks, loaded the XOR neural network found at the torch training page. I used another popular Lua tool, wrk to benchmark my server. I’m sending serialized Torch 2D DoubleTensor tensors to my server using POST requests to train. Here’s the results:

Huzha! Over 1000 req/sec on my Macbook air, with no Cuda support and 2 Intel cores!

So there, plug that into a CUDA machine and see how much performance you squeeze out of that bad baby. I hope I have convinced you that sometimes, mixing two great things CAN lead to something great and that WebTorch is an ambitious and interesting open source project!

And hopefully, in due time it will become a fast, production level server which makes it easy for Data Scientists to deploy their models in the cloud (do people still say cloud?) and devOps people to deploy and scale.

Possible applications of such a tool include, but not limited to:

  • Classification of streaming data
  • Adaptive load balancing
  • DDoS attack/intrusion detection
  • Detect and adapt to upstream failures
  • Train and serve NNs
  • Use cuDNN, cuNN and cuTorch inside NGINX
  • Write GPGPU code on NGINX
  • Machine learning NGINX plugins
  • Easily serve GPGPU code
  • Rapid prototyping Deep Learning solutions

Maybe your own?

Our Pledge to Inclusion and Diversity: 1 Year Later

Lack of diversity in tech has been a long-standing problem, but in recent months it’s become increasingly apparent that inclusion is more than an aspirational need. Diversity is the DNA that creates robust, flourishing environments primed for tough conversations and progressive thinking at UnifyID.

Last June, UnifyID was one of 33 companies that signed the White House Tech Inclusion Pledge on the eve of President Obama’s Global Entrepreneurship Innovation Summit 2016 to ensure that our employees reflect the diverse nature of the American workforce.

Although UnifyID is a small startup, we still want to lead in all areas of our business—and diversity is no exception. As an inaugural signatory of this agreement, the first of its kind, we proudly reaffirm our commitment to being an industry leader in promoting inclusion for all.

Our team on a normal day in the office.

The pledge was three-part, with the central aim of increasing representation of underrepresented groups:

“Implement and publish company-specific goals to recruit, retain, and advance diverse technology talent, and operationalize concrete measures to create and sustain an inclusive culture.”

This was a task we have invested significant time and effort into accomplishing, particularly in our recruitment operations. Many job seekers and experts alike have criticized the inconsistent process around the technical interview, noting its irrelevance to the workplace and its unnecessary biases against women. Taking into account these guidelines from Code2040, a collaborating organization of the Tech Inclusion Pledge, we’ve created a low stress, context-relevant, and fun language-agnostic technical challenge to improve the non-biased screening in our recruiting process.

“Annually publish data and progress metrics on the diversity of our technology workforce across functional areas and seniority levels.”

It is important to us that we are transparent about our gender, racial, and ethnic data because diversity and inclusion is a core part of our company mission to be authentic, be yourself. As such, this report is our first attempt at this, and we hope to make future updates more frequently.

On our team, 70 percent are people of color and 24 percent are women. Immigrants make up a significant part of the American workforce, and we are also proud to call UnifyID the workplace of immigrants who collectively represent 17 nationalities (including our interns). Paulo, one of our machine learning engineers, has quipped, “the office sometimes feels like a Model UN conference!” While our size makes us unable to release more detailed breakouts (we respect employee privacy), we will continue to release diversity data in a timely and transparent fashion.

“Invest in partnerships to build a diverse pipeline of technology talent to increase our ability to recognize, develop and support talent from all backgrounds.”

Here in the Bay Area, we are surrounded by terrific organizations that support underrepresented groups in tech, and we’ve been fortunate to be involved in these events. Some of these events include the Out for Undergrad (O4U) annual Tech Conference, which allowed us to connect with many high-achieving LGBTQ+ undergraduates from across the country, as well as the Y Combinator-hosted Female Founders Conference, or even SF Pride last month!

Our head of Product, Grace Chang, at last year’s Out for Undergrad (O4U) Tech Conference!

Diversity strengthens us as a company and as a country, so this remains one of our foremost priorities as we continue to grow (we’re hiring) and we hope to see improvement in our workplace and in the industry as a whole. We are thrilled that today, the number of companies that have signed the pledge has risen to 80.

We encourage more companies to sign this Tech Inclusion Pledge here.

UnifyID Takes Home the Win at SXSW!

Our first trip to SXSW didn’t disappoint! Among the legions of Interactive and Film conference goers, were scores of locals partaking in the immersive spectacle of Austin–attendees in all, 50k strong in the first week. For a bay area San Francisco startup, weird is relative.

At SXSW, Bravo promotes its new show, Stripped on 6th Street in Austin, and on our right, San Francisco from my Facebook feed in the same day, #stayweird. Photo credit: thanks Shannon! (?)

Companies, marketers, creatives, tastemakers, brands, and bands are all vying for visibility, reach, and engagement. The hype game was strong; however, if you could but for a moment suspend a cynic’s disbelief, those ice-cold Lone Stars and live music erupting in every drizzling corner of Austin became magical.

UnifyID was incredibly honored to place #1 in the Security and Privacy track at SXSW’s annual Interactive Accelerator but part of what made that win so sweet was the goodwill of the SXSW attendees. In a surprising moment on stage, a room of about 400 people became an intimate family affair for a few minutes. Together, we all sang happy birthday to Sophie, John’s newly turned 4-year old daughter.

Thank you to everyone at SXSW for making our exclusive Silent Disco Brunch a success and our Accelerator Pitch one for the books!

UnifyID Scores a Unanimous Win at RSA Innovation Sandbox!

Behind every great idea, there lies a kernel of unequivocal human truth and a long road of execution to realize those intentions. On Monday, February 13th, the UnifyID team delivered and unanimously won RSA’s 2017 Innovation Sandbox competition.

“UnifyID demonstrated they were the most innovative by proving there is a way to actually leverage the individuality of humans to improve security.”
– Linda Gray Martin, Director & General Manager of RSA Conference. 

UnifyID Founder and CEO, John Whaley captivated a 1,200-person standing-room-only audience on its toes after a 3-minute pitch and 3-minute rapid-fire line of questioning from a panel of venture capitalists, entrepreneurs, and large security company judges.

Watch the 3-minute pitch below!

Many thanks to RSA and all our supporters who also saw that unequivocal human truth: there is only one you in the world.

We are on a mission to change the world and build a revolutionary identity platform based on implicit authentication to make your security seamless.

Announcing the UnifyID Spring AI Fellowship

Today, we would like to announce the UnifyID AI Fellowship program for Spring 2017. This is the second edition of the fellowship (Fall 2016 cohort) and is expected to run for 12 weeks, February 23 through May 18. This selective, cross-disciplinary program covers the following areas:

  • Deep Learning
  • Signal Processing
  • Optimization Theory
  • Sensor Technology
  • Mobile Development
  • Statistical Machine Learning
  • Security and Identity
  • Human Behavior
  • UX/UI Development for the above areas
  • Tech Journalism for the above areas
  • Special Focus:

We will be assigning one fellow to work on fakenewschallenge.org in collaboration with Dr. Dean Pomerleau of the Carnegie Mellon University Robotics Institute. If interested, please add a note in your application. We expect this fellowship applicant to have substantial experience with handling textual data and NLP expertise. The application should reflect links to previous work in this domain.

 

FELLOWSHIP DETAILS

Our UnifyID AI Fellows will be initially allocated to a well-defined project matched with their area of interest and expertise and also mapped to a fellowship mentor. The fellows are then presented with a week’s time to collaborate with the mentor and come up with an 11-week timeline roughly detailing the pathway that they plan to take to achieve the project end-goals.

During the fellowship, the fellows are expected to convene in-person and present weekly updates every Thursday evening in our office located in SoMa, San Francisco. In exceptional cases, individuals will be allowed to present via video chat. Absentees in these update-presentation sessions for two consecutive weeks will result in an automatic ejection from the fellowship.

All selected fellows will be awarded:

  1. Life-long designation as a UnifyID AI Fellow.
  2. A fellowship stipend.
  3. Access to state-of-the-art GPU hardware and $360,000 in Microsoft Azure cloud service credits.
  4. Access to our office space in SoMa.
  5. Prepaid Clipper card to help with commuting to/from the office.
  6. A chance to collaborate and publish with top-tier security experts from MIT, Stanford, CMU, Berkeley, Dartmouth, etc.
  7. Conference registration fees for all of the publications that emanate from the fellowship.
  8. Travel expenses for one flagship top-tier conference in case fellow’s work gets accepted as a publication.
  9. A citation and certificate commemorating your achievement.
  10. Exclusive UnifyID Fellow swag.
  11. A chance to present at the UnifyID Tech-expo Day in May 2017.

 

DELIVERABLES

  1. A short paper describing the project.
  2. A detailed, well-commented code submission on either ai-on.org or http://www.gitxiv.com (in case you have an arxiv worthy submission).
  3. A one-page blog post providing a less technical version of the project details. ($ ipython nbconvert–to markdown notebook.ipynb–stdout will do!)
  4. A final presentation in .ppt or .pdf format during the UnifyID Tech-expo Day.

We also expect that with regard to some of the projects, we may be able to munge certain openly available datasets and upload with associated open problems on ai-on.org if the fellow is limited by the timeline of the fellowship.

 

REQUIREMENTS

We welcome applications from practitioners, tech-enthusiasts as well as students spanning both the undergraduate and graduate levels, preferably from the SF bay area. 

 

Tracks Languages Libraries/Platforms/Frameworks
Machine Learning Python, Lua, Julia, R, Scala, Java Scikit-learn, Torch/Autograd, Caffe, Keras with Theano/TensorFlow, Chainer
Mobile Development Swift, Objective C, Java Core Location, Core Motion, Core Bluetooth, DeepLearningKit,Accelerate: BNNS, CoreAudio/AudioKit
Security C, C++, JavaScript AES, RSA, ECDSA, PKI, Functional Encryption, Enclaves (SGX)
UX/UI Development (Portfolio Review)
Tech Journalism (Portfolio Review)

Please apply here with the following:

  1. Resume
  2. A personal statement (no longer than 250 words) explaining what you expect to achieve with this fellowship.
  3. A 5-slide presentation (ppt or pdf) detailing your most cherished accomplishment in the area you are applying to (with links to publication(s), GitHub code-base, live-project link, etc.).

 

UnifyID AI Fellowship

San Francisco, CA

Program Weekend Dates: February 23 – May 18, 2016

Application due date: January 31, 2017, 11:59 PM (PDT)

UnifyID Anoints 16 Distinguished Scientists for the AI Fellowship

Fast Growing Startup Uses Machine Learning to Solve Passwordless Authentication

Today, UnifyID, a service that can authenticate you based on unique factors like the way you walk, type, and sit, announced the final 16 fellows selected for its inaugural Artificial Intelligence Fellowship for the Fall of 2016. Each of the fellows have shown exemplary leadership and curiosity in making a meaningful difference in our society and clearly has an aptitude for making sweeping changes in this rapidly growing area of AI.

Of the company’s recent launch and success at TechCrunch Disrupt, claiming SF Battlefield Runner-Up (2nd in 1000 applicants worldwide), UnifyID CEO John Whaley said, “We were indeed overwhelmed by the amazing response to our first edition of the AI Fellowship and the sheer quality of applicants we received. We also take immense pride in the fact that more than 40% of our chosen cohort will be women, which further reinforces our commitment as one of the original 33 signees of the U.S. White House Tech Inclusion Pledge.”

The final 16 fellows hail from Israel, Paris, Kyoto, Bangalore, and cities across the U.S. with Ph.D., M.S., M.B.A., and B.S. degrees from MIT, Stanford, Berkeley, Harvard, Columbia, NYU-CIMS, UCLA, Wharton, among other top institutions.

  • Aidan Clark triple major in Math, Classical Languages and CS at UC Berkeley
  • Anna Venancio-Marques Data Scientist in Residence, PhD École normale supérieure
  • Arik Sosman Software Engineer at BitGo, 2x Apple WWDC scholar, CeBIT speaker
  • Baiyu Chen Convolutional Neural Network Researcher, Masters in CS at UC Berkeley

  • Fuxiao Xin Lead Machine Learning Scientist at GE Global Research, PhD Bioinformatics

  • Kathy Sohrabi VP Engineering, IoT and sensors, MBA at Wharton, PhD EE at UCLA
  • Kazu Komoto Chief Robotics Engineer, CNET Writer, Masters in ME at Kyoto University

  • Laura Florescu Co-authored Asymptopia, Mathematical Reviewer, PhD CS at NYU

  • Lorraine Lin Managing Director, MFE Berkeley, PhD Oxford, Masters Design Harvard
  • Morgan Lai AI Scientist, MIT Media Lab, Co-founder/CTO, M.Eng. CS at MIT
  • Pushpa Raghani Post Doc Researcher at Stanford and IBM, PhD Physics at JNCASR

  • Raul Puri Machine Learning Development at Berkeley, BS EE/CS/Bioeng at Berkeley
  • Sara Hooker Data Scientist, Founder non-profit, educational access in rural Africa
  • Siraj Raval Data Scientist, the Bill Nye of Computer Science on YouTube

  • Wentao Wang Senior New Tech Integration Engineer at Tesla, PhD ME at MIT

  • Will Grathwohl Computer Vision Specialist, Founder/Chief Scientist, BS CSAIL at MIT

 

This highly selective, cross-disciplinary program covers the following areas:

  • Deep Learning
  • Signal Processing
  • Optimization Theory
  • Sensor Technology
  • Mobile Development
  • Statistical Machine Learning
  • Security and Identity
  • Human Behavior

Our UnifyID AI Fellows will get to choose from one of 16 well-defined projects in the broad area of applied artificial intelligence in the context of solving the problem of seamless personal authentication. The Fellows will be led by our esteemed Fellowship Advisors, renown experts in machine learning and PhDs from CMU, Stanford, and University of Vienna, Austria.

Please welcome our incoming class! ✨

 

Read the original UnifyID AI Fellowship Announcement:

https://unify.id/2016/10/10/announcing-the-unifyid-ai-fellowship/

 

Initial Release:

http://www.prweb.com/releases/2016/unifyid/prweb13804371.htm#!

Announcing the UnifyID AI Fellowship

Today, we would like to announce the UnifyID AI Fellowship program for Fall 2016. The fellowship runs for six weeks, beginning October 28, 2016 through to December 4, 2016. This selective, cross-disciplinary program covers the following areas:

  • Deep Learning
  • Signal Processing
  • Optimization Theory
  • Sensor Technology
  • Mobile Development
  • Statistical Machine Learning
  • Security and Identity
  • Human Behavior

Our UnifyID AI Fellows will get to choose from one of 16 well-defined projects in the broad area of applied artificial intelligence in the context of solving the problem of seamless personal authentication.

All selected fellows will be awarded:

  1. A fellowship stipend.
  2. Access to state-of-the-art GPU hardware and $360,000 in Microsoft Azure cloud service credits.
  3. Weekend access to our office space in SoMa, as well as as-needed access on weekdays.
  4. Prepaid Clipper card to help with commuting to/from the office.
  5. Chance to collaborate and publish with top-tier security experts from MIT, Stanford, CMU, Berkeley, Dartmouth, etc.
  6. A citation, certificate, and plaque commemorating your achievement.
  7. Exclusive UnifyID Fellow signature bags and sweatshirts for the Fall 2016 inaugural class.
  8. A chance to present at the UnifyID Tech-expo Day in December 2016.

We expect the work from your Fellowship to result in either a publication (with fully open-sourced code and data repository on GitHub for reproducible research) or a patent filing.

 

REQUIREMENTS

We welcome applications from practitioners, hackers, tech-enthusiasts as well as students in full-time accredited academic programs both at the undergraduate and graduate levels, preferably from the SF bay area. An ideal candidate has both math and coding chops, but more importantly, this individual is an engineer, signal-processor, hacker, and self-proclaimed guru who is comfortable with crafting, hacking, implementing, re-implementing, and breaking Machine Learning algorithms deep, shallow or otherwise.

 Tracks Machine Learning Mobile Dev.
Languages Python, Lua, Julia, R, Scala, Java Swift, Objective C, Java
Libraries/Platforms/Frameworks Scikit-learn, Torch/Autograd, Caffe, Keras with Theano/TensorFlow, Chainer Core Location, Core Motion, Core Bluetooth, DeepLearningKit, Accelerate: BNNS, CoreAudio/AudioKit
OS Ubuntu, OS X, RHEL / CentOS / Fedora, iOS, Android

Please apply here and include in the open form field, a personal statement (no longer than 250 words) explaining what you expect to achieve with this fellowship along with your favorite moment in the sun (publication, GitHub code-base, live-project link).

 

UnifyID AI Fellowship

San Francisco, CA

Program Weekend Dates: October 28 – December 4, 2016

Application due date: October 17, 2016, 11:59 PM (PDT)

UnifyID Disrupts Disrupt!

We’ve never been one to shy away from making our own path, and if we hear that it’s never been done that way before, we’re eager to try. Courage is in our DNA and gives us the freedom to pursue challenge without inhibitions. We’re humbled to be named TechCrunch Disrupt Battlefield Runner-Up as we launch out of stealth, but we’re even more excited to eliminate passwords forever.

Many thanks to our supporters. We have read every tweet, Facebook post, article, article comment, and secret handshake 🙂

Photo by Oren Haskins

And for those who would like to take this disruptive journey behind Disrupt, sign up for our private beta today at Unify.ID (“Apply for Private Beta” with PTCD and why you’d like to enlist).

Photo by Oren Haskins

We encourage everyone to spread the good word on UnifyID.

Photo by Oren Haskins

We are actively hiring and based in SoMa, San Francisco.

Photo by Oren Haskins

We recognize the importance of diversity in the workplace and actively celebrate what makes each individual unique.

Photo by Oren Haskins

We’re on a mission to change the world and build a revolutionary identity platform based on implicit authentication to make your security seamless.

Introducing UnifyID

After a year and a half of intense heads down work, we are very happy and proud to finally present UnifyID to the world.

Our goal at UnifyID is to solve one of the oldest and most fundamental problems in organized society: How do I know you are who you say you are?

The Status Quo

The traditional (digital) approach to authentication is to use a password. But when you think about it, the whole notion of passwords is pretty absurd. A password is this: I have a secret, and I tell you that secret, and that’s how you know it’s me. The problem is, I’m not very good at coming up with secrets and since I can’t keep track of very many secrets, I keep using the same ones over and over again. It’s frustratingly easy to get phished and tricked into sharing my secret, and don’t even get me started on using public records like my mother’s maiden name as a shared “secret” to authenticate someone!

In the interim, some people say to use a “password manager” to help keep track of all your passwords. Password managers are a band-aid solution. Password managers help you manage your ever growing list of passwords and accounts. They don’t solve this fundamental problem that someone can impersonate you by just knowing a secret. And they are a great honeypot so when your master password is keylogged, leaked, phished, or stolen, instead of just giving up one secret, you just gave up all your secrets.

Another approach is to use biometrics, like your fingerprint, to identify you. Fingerprints are convenient except for the fact that 1) you leave them everywhere you go, and 2) they are very, very difficult to change when they are compromised. Other biometrics are intrusive, annoying, and flaky, and often don’t add much security at all.

A third approach is to use a device to authenticate yourself. This technology has been around for a long time but has never taken off in a mainstream way, despite massive user education campaigns and huge, well-funded industry pushes. The main reason is it adds so much friction to the user experience. You now have something extra you need to carry around. You need to read off a code and type it in before a timer expires. If you forget your device, you are locked out.

Realizing people don’t want to carry extra things around, more recently vendors have moved to “soft tokens”, which are apps on your phone that provide similar functionality and trade off security for the convenience of not having to carry around an extra physical token. Or, services will send you a text message with a code you need to type in, which is not only annoying, but also doesn’t add much security.

The common thread among all of these approaches are 1) they are annoying, and 2) they don’t add much security. These are the two problems we are solving at UnifyID.

absurdpasswords

The Genesis

A few years back, Kurt and I worked on a demo where we captured encrypted packet traces, and by simply looking at the timing between the packets, we could determine the timing of a user’s keystrokes, and ultimately, what the user had typed. People were impressed by the demo but ultimately the interesting and challenging part was the fact that each individual had his or her own unique way of typing. In fact, after we saw you type around four sentences of text, we could uniquely identify you.

We began to look at other aspects we could passively detect that were a) unique per individual and b) did not require any conscious action on the part of the user. We looked at the various sensor data you could get from phones, computers, and wearables. We used signal processing and machine learning to stitch together the various noisy signals from multiple devices. It took a lot of work, but what we discovered was both shocking and heartening: It turns out people are both very predictable and very unique in their behaviors, actions, and environments. In essence, there is only one you in the world, and it was possible to authenticate you based on the sensors already around you. UnifyID was born.

The Future is Implicit

This technology is called implicit authentication. The basic idea is to be yourself, and there is enough that is unique about you that it is possible to authenticate you implicitly; that is, without you having to make any explicit action.

Implicit authentication is not new. In fact, this is how authentication worked since the prehistoric era. People used how you looked, how you moved, how you talked, your possessions, the context in which they encountered you, and how you acted to figure out who you were. Our brains are trained to identify people based on these characteristics and to pick up on subtle clues when something is off. Much like what human beings can do naturally, we discovered it is possible to train a machine learning system to do the same.

The result is truly magical. It makes security much more seamless and natural. You can be yourself, and the devices and services you interact with will naturally recognize you based on your unique characteristics. No passwords to remember, no codes to read off your phone. You are not tied to one device, or have something extra to carry around. The future is implicit.

The applications of this technology are endless, but one key area is in authenticating transactions and preventing account takeover. With our implicit authentication system, we can identify the human behind the device and give a confidence level that they are who they say they are. UnifyID also does continuous authentication, which means we can detect when changes happen and automatically challenge or log out the user.

Balancing Security and User Experience

There has always been a balance between security and user experience. For too long, security solutions have sacrificed user experience in the name of security. But you can’t look at security and user experience independently. Any security solution that does not take into account the user experience will not be successful in the real world. If you make security policies too annoying or add too much friction, people will either find ways around your security policies, or will just be miserable and unproductive.

UnifyID was designed with the user experience in mind. In fact, UnifyID is truly a subtraction from the user experience. Usernames? Passwords? Security questions? Passcodes? When enough signals match, these are completely eliminated from the user experience. In the cases where they don’t match, we issue you a challenge to prove your identity. But even the challenges are designed with the user experience in mind. You can use challenge factors like fingerprints and facial recognition, among others in active development. And the more you use the system, the more the machine learning algorithms adapt to your unique behaviors and environment. UnifyID is not only more convenient, it is also more secure.

UnifyID utilizes combinations of deep neural networks, decision trees, Bayesian networks, signal processing, and semi-supervised and unsupervised machine learning. Our system is able to discover what makes each individual unique and finds correlations between multiple factors that greatly boost the accuracy. “Machine learning” is not just a buzzword for us. We have a great team of machine learning and security experts from MIT, Stanford, Berkeley, and CMU, and are working with world-class advisors in both academia and industry. I’m very proud of the team we have built so far. (And if you want to work on the next revolution in authentication and have fun doing it, we are hiring!)

Nikhil

One example of an implicit factor we use is how you walk. It turns out that an individual’s gait is quite particular to them, and has a number of influences including unique physiology, length of femur, muscle memory, the culture you grew up in, and more. In fact, we can identify you with only four seconds of your walking data from your phone sitting in your pocket. And that is just one of over a hundred different attributes we use to authenticate you.

Experience the Future of Authentication

At UnifyID, we believe it is time for authentication to be about you. Humans have always been considered to be the “weak link” in security. At UnifyID, we turn that around and use what is unique about each individual to enhance security. The best way to authenticate yourself is to be yourself.

UnifyID is the first holistic implicit authentication platform available on the market. We are excited to announce a limited private beta for individuals to test ride the future of authentication in their Chrome browsers and iPhones today.

Embrace your uniqueness. After all, there is no one in the world more you than you.